Tags: DHowett/sbctl
Tags
Release 0.8
Morten Linderud (31):
reset: Add reset command for Platform Key
enroll-keys: Refactor a bit and prepare OEM keys
reset: Added error when PK is already reset
status: lowercase sbctl in the output
reset: Added some output logging
keys: Refactor key enrollment a tiny bit
Makefile: Added phony target for sbctl
status: remove capitalization of sbctl
certs: Added certs package to support vendor certificates
keys: Allow enrollment of Microsoft OEM keys
status: Display enrolled vendor keys
enroll-keys: Implement --ignore-immutable
bundle: Do not error when we don't find an ESP for help
util: Switch from if to cases
enroll-keys: Refactor a bit
sbctl.8: Updated the manpage
keys: Don't hard error when we don't have the db
Fix go.mod
go.mod: Added go-attestation + update dependencies
tpm: Implemented TPM Eventlog reading
sbctl: Add new error messages for OpROM
enroll-keys: Implement OpROM checking using the TPM Eventlog
enroll-keys: Implement enrollment of checksums from the TPM Eventlog
go.mod: Revert update so we don't need trousers
enroll-keys: Add check for empty eventlog
status: Don't error on missing GUID file
sbctl.8: Add entries for vendor flags
status: Expand the vendor entries in the status
guid: Change perms to 644 and move from ioutils to os
sbctl.8: Added usage section, some cleanups
logging: Warnings go to stderr
Silke Hofstra (1):
Ignore EOF errors in CheckMSDos
Release 0.5
This release contains a few changes to the documentation of sbctl. The most
notable change is to the `GetESP` functionality which should behave better on
systems with more then one EFI partition. This can also be overridden with
`SYSTEMD_ESP_PATH` or `ESP_PATH`.
Hugo Barrera (3):
Update man entry for default cmdline
Update docs/sbctl.8.txt
Typo
Hugo Osvaldo Barrera (4):
Extend the documentation a bit
Refine docs based on feedback
Typos
Tweak unconvincing working
Morten Linderud (5):
bundles: Handle command not found errors
util: Expand array in print generator
Updated readme for libera
sbctl/bundle: Do not default to ESP for fetching kernel and initramfs
man: Mention environment variables for ESP location
igo95862 (3):
Remove ioutil
Improved GetEsp function.
Add SYSTEMD_ESP_PATH and ESP_PATH environment variables support
Release 0.4
Morten Linderud (2):
Updated srcinfo
sbctl: Inverted bool broke key enrollment
igo95862 (3):
Directly pass arguments to subprocesses instead of args spliting
Use argument list for objcopy instead of split by whitespace
Redirect objcopy stderr to parent stderr
Érico Nogueira (1):
Use x/sys/unix for ioctl instead of rolling our own.
Release 0.3
This is mostly just a quick bugfix release. The x509 cert change adds a
expire date for 5 years, but shouldn't matter too much in the immediate
future.
The bug is that sbctl gets confused if the PK file in efivarfs does not
exist since we are checking for immutable
Morten Linderud (3):
sbctl: Create valid x509 certs for the kernel
sbctl: IsImmutable should return false if the file does not exist
Fixed sbctl hooks in PKGBUILD
Release 0.2
This release has mostly UX issues and improves the error handling of the
underlying commands.
The major change has been moving from /proc/cmdline as the default cmdline file
to /etc/kernel/cmdline which should be better suited for this task.
Morten Linderud (13):
sbctl: Added missing format argument
sbctl: Microcode won't always be passed
cmd/sbctl: proper exit if we fail creating bundle
cmd/sbctl: Typo in err
sbctl: Check for immutable files before sbkeysync
keys: sbkeysync can have "Permissiond denide" errors
sbctl: Check for persmission denied. Use errors package
sbctl/bundle: Change default cmdline to /etc/kernel/cmdline
sbctl.hook: Renamed to be ordered last, added more paths